Updated Cron Mail Queuer - Removed HTMLPurify and HTML Encoding using HTMLEntities as these are unnessaery and were cuasing extra cpu load and possible data corruption and are passed off to PHPMailer which handles this by default plus recipient email clients should handle XSS as well

2026-02-28 02:44:53 +00:00 · 2024-01-19 17:39:28 -05:00
parent 9559c11c25
commit 289031b691
1 changed files with 16 additions and 24 deletions
--- a/cron_mail_queue.php
+++ b/cron_mail_queue.php
@@ -1,16 +1,8 @@
 <?php

 require_once "config.php";
-
 require_once "functions.php";

-//Initialize the HTML Purifier to prevent XSS
-require "plugins/htmlpurifier/HTMLPurifier.standalone.php";
-
-$purifier_config = HTMLPurifier_Config::createDefault();
-$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
-$purifier = new HTMLPurifier($purifier_config);
-
 $sql_settings = mysqli_query($mysqli, "SELECT * FROM settings WHERE company_id = 1");

 $row = mysqli_fetch_array($sql_settings);
@@ -74,14 +66,14 @@ $sql_queue = mysqli_query($mysqli, "SELECT * FROM email_queue WHERE email_status
 if (mysqli_num_rows($sql_queue) > 0) {
    while ($row = mysqli_fetch_array($sql_queue)) {
        $email_id = intval($row['email_id']);
-        $email_from = nullable_htmlentities($row['email_from']);
-        $email_from_name = nullable_htmlentities($row['email_from_name']);
-        $email_recipient = nullable_htmlentities($row['email_recipient']);
-        $email_recipient_name = nullable_htmlentities($row['email_recipient_name']);
-        $email_subject = $purifier->purify($row['email_subject']);
-        $email_content = $purifier->purify($row['email_content']);
-        $email_queued_at = nullable_htmlentities($row['email_queued_at']);
-        $email_sent_at = nullable_htmlentities($row['email_sent_at']);
+        $email_from = $row['email_from'];
+        $email_from_name = $row['email_from_name'];
+        $email_recipient = $row['email_recipient'];
+        $email_recipient_name = $row['email_recipient_name'];
+        $email_subject = $row['email_subject'];
+        $email_content = $row['email_content'];
+        $email_queued_at = $row['email_queued_at'];
+        $email_sent_at = $row['email_sent_at'];

        // Sanitized Input
        $email_recipient_logging = sanitizeInput($row['email_recipient']);
@@ -129,14 +121,14 @@ $sql_failed_queue = mysqli_query($mysqli, "SELECT * FROM email_queue WHERE email
 if (mysqli_num_rows($sql_failed_queue) > 0) {
    while ($row = mysqli_fetch_array($sql_failed_queue)) {
        $email_id = intval($row['email_id']);
-        $email_from = nullable_htmlentities($row['email_from']);
-        $email_from_name = nullable_htmlentities($row['email_from_name']);
-        $email_recipient = nullable_htmlentities($row['email_recipient']);
-        $email_recipient_name = nullable_htmlentities($row['email_recipient_name']);
-        $email_subject = $purifier->purify($row['email_subject']);
-        $email_content = $purifier->purify($row['email_content']);
-        $email_queued_at = nullable_htmlentities($row['email_queued_at']);
-        $email_sent_at = nullable_htmlentities($row['email_sent_at']);
+        $email_from = $row['email_from'];
+        $email_from_name = $row['email_from_name'];
+        $email_recipient = $row['email_recipient'];
+        $email_recipient_name = $row['email_recipient_name'];
+        $email_subject = $row['email_subject'];
+        $email_content = $row['email_content'];
+        $email_queued_at = $row['email_queued_at'];
+        $email_sent_at = $row['email_sent_at'];
        // Increment the attempts
        $email_attempts = intval($row['email_attempts']) + 1;